Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Problem after rename of a domain controller

Posted on 2010-08-18
12
1,526 Views
Last Modified: 2012-05-10
I've decommissioned and domain controller (dc5) and then after a day renamed another domain controller to dc5.

Picking up problems on one of the root dc's where it keeps the serverreference attribute as the old dc's name. Thought this would be easy...

dcdiag throwing machine account errors. have already done a dcdiag /fixmachineaccount

* LIB-DC5-JHB Server Reference is incorrect! Should be CN=LIB-DC5-JHB1,OU=Domain Controllers,DC=something,DC=fin-za,DC=net, and is CN=LIB-DC5-JHB,OU=Domain Controllers,DC=something,DC=fin-za,DC=net.

ldap_search_sW failed with 2: The system cannot find the file specified.

......................... LIB-DC5-JHB failed test MachineAccount

When I go into adsiedit on the root dc and try and change the serverreference attribute it defaults back to the old name.
0
Comment
Question by:Nelesh_N
  • 6
  • 3
  • 2
  • +1
12 Comments
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33462481
Its never as easy as that, although it should be...

here is a great article on achieving what you need ;

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/72d5eda0-7185-4f97-a1cf-7952c12dc786
0
 
LVL 70

Expert Comment

by:KCTS
ID: 33462815
Did you actually demote the old DC5 before it was removed?
If so then a simple DCDIAG /fix may solve the problem
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 33463571
Yes I did do a demotion to a member server. Will try.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 1

Author Comment

by:Nelesh_N
ID: 33463686
nope doesnt work.
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 33464416
only one of the three root dc's that I have is picking up this problem.
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33469701
What if you change the name to something else?

Then possibly change it back?

Strange one this.
0
 
LVL 3

Expert Comment

by:pmaribeiro
ID: 33473414
This server had FSMO roles and did you moved them?
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 33474450
Yes they were moved...
0
 
LVL 3

Expert Comment

by:pmaribeiro
ID: 33474857
You need to go to AD sites and services, enter in the site where DC5 was and remove all entries about him.
Then do the same on the DNS and AD users and computers on the domain controllers container.

I would suggest to give a different name, because sometimes conflicts may ocur with some objects that may have be with the ID of the demoted DC.

So if you can try to change it.
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 33496096
So the problem is that there was a lib-dc5-jhb already in the environment, then a lib-dc5-jhb1 was introduced. The second machine is a hardware replacement for lib-dc5-jhb. I then did the dcpromo to remove lib-dc5-jhb - all went successfully. Then I renamed lib-dc5-jhb1 to lib-dc5-jhb. This is where the problem lies, I dont think AD likes the reuse of machine names. If I do a ntdsutil I dont see any refernce to lib-dc5-jhb1 but if I go to sites and services on another dc which happens to hold fsmo roles and is in the root. Go to sites and services, if I go to properties on lib-dc5-jhb I still see the server name as lib-dc5-jhb1. If I try to change the serverreference in adsiedit it defaults back to lib-dc5-jhb1. Why it must be pulling this info from somewhere, I also looked at DNS and cannot find any reference to lib-dc5-jhb1...
0
 
LVL 1

Accepted Solution

by:
Nelesh_N earned 0 total points
ID: 33624216
Ended up removing LIB-DC5-JHB... fixed my problem will reintroduce as another dc.
0
 
LVL 3

Expert Comment

by:pmaribeiro
ID: 33624860
Its the best solution because even if you remove all entries as stated there the possibility the remainings of the old SID lying arround and will create enough problems with the same name. If seen this too often and normally the best solution is to rename to a new name. Because the time consuming to solve AD issues sometimes is extremely high.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question